Download as
Browse Code »

Commit 7c655652d42e7d40539cc64ad4abf44bf6d98663

Authored by Joenio Costa
Committed by Antonio Terceiro
1 parent 08f085e6
Exists in master and in 28 other branches 1.2+SPB2, 2_split_by_role, add_fields_in_api, api_fixies, api_pagination, api_private_token, api_tasks, article_hit_count, blog_page_bug, checkbox_to_user_can_edit_page, communities_ratings, communities_ratings_moderation, community_ratings_rebase, fix_cloned_article_parent, fix_gallery_image_url, fix_javascript_categories, fix_optional_fields, fix_suggest_article, fix_user_email_validation, highlight_block_fix, notification_plugin, notification_plugin_rebase, script_to_update, split_by_role, stable, temp_ratings, tests, tests_fixies

not sanitize target attribute from tag <a>

Showing 2 changed files with 7 additions and 1 deletions   Show diff stats
config/environment.rb
  Diff comments   View file @7c65565
@@ -78,7 +78,7 @@ Rails::Initializer.run do |config| @@ -78,7 +78,7 @@ Rails::Initializer.run do |config|
78 } 78 }
79 79
80 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper 80 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
81 - config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style' 81 + config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target'
82 82
83 # Adds custom tags to the Set of allowed html tags for the #sanitize helper 83 # Adds custom tags to the Set of allowed html tags for the #sanitize helper
84 config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param' 84 config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param'
test/unit/tiny_mce_article_test.rb
  Diff comments   View file @7c65565
@@ -26,4 +26,10 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase @@ -26,4 +26,10 @@ class TinyMceArticleTest &lt; Test::Unit::TestCase
26 assert_includes Article.find_by_contents('article'), tma 26 assert_includes Article.find_by_contents('article'), tma
27 end 27 end
28 28
  29 + should 'not sanitize target attribute' do
  30 + ze = create_user('zezinho').person
  31 + article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open <a href='www.invalid.com' target='_blank'>link</a> in new window", :profile => ze)
  32 + assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'}
  33 + end
  34 +
29 end 35 end